About ESSE
ESSE (Encrypted Symmetrical Session Engine) is an open source, encrypted peer-to-peer session system that lets data be sent securely from one terminal to another without passing through third-party services.
At present, when we use the network services provided by Internet companies to manage our own data, even a backup between two devices on the same local network requires the data to be uploaded in full to the company's servers and then downloaded again to the target device.
The main reason is that these services are centralized: communication between any two nodes must pass through the central node. Although this model satisfies many of the current needs of individuals, families and small businesses, it also has the limitation just described and carries some risks:
- Data Security Risks
When data are transferred over the Internet they may be subject to surveillance and censorship, which infringes on privacy or discloses trade secrets, and data stored on the vendor's servers may also be attacked or abused.
- Service Availability Risks
Server maintenance, network or server attacks, or a lack of Internet connectivity can leave users temporarily unable to use the service. More seriously, users never know when a company will permanently shut down a service they depend on because of strategic adjustments, commercial interests or other reasons.
Current Internet services, whether e-commerce, social networking or instant messaging, have adopted a centralized technology model. As soon as we choose to use these services, free or paid, we are in a weak and passive position. Over the past few decades, Internet companies, as vendors of information channels, have provided centralized network services that store and hold a large amount of user data, while the users who produce and consume that data cannot authentically own it.
The world is becoming more and more "data-driven", and more users are beginning to realize that data contains great value and to care about their right to data privacy. The status quo in which data ownership belongs "only" to Internet companies needs to change. On the one hand, Internet companies, as vested interests, will not make concessions on their own initiative; on the other hand, the forces driving change are brewing and growing.
Since the turn of the century, modern cryptography has developed rapidly. A number of decentralized products built on it have opened new possibilities in many fields: some use peer-to-peer technology for file sharing, others use decentralized public ledgers as a new basis for digital currencies and assets, and Git is undoubtedly the most enlightening of them.
Git, now the most widely used source code management system, has flexibility as one of its key design objectives. In most cases a team picks a server as the shared central node and everyone works around it. With relatively scattered nodes, any two nodes can still interoperate directly, and in specific workflow designs users can mix and match aspects of different workflows to suit their needs.
Git's support for various non-linear development workflows is largely due to the symmetrical design of its distributed model, in which servers and clients are equivalent. In other words, a higher level of abstraction brings greater flexibility.
With the adoption of 5G, Wi-Fi 6 and other network standards serving the Internet of Things, more intelligent devices will be connected, an incalculable volume of device-to-device traffic will flood the network, and this trend poses new challenges for the architecture and communication security of near-future network services.
Based on this reading of the current situation and its trends, we defined the product baseline as high security, high availability, privacy protection and, most importantly, symmetrical design. We named it ESSE, a palindrome.
ESSE stands for Encrypted Symmetrical Session Engine and is positioned as an engine. The engine is written in Rust, and the cross-platform user interface is built with Flutter. The main parts of ESSE are briefly introduced below.
Distributed identity allows an individual to create an identity that can be used as the basis for authentication or for validating an exchange; the identity should be stored in a distributed, secured, trusted location.
A mnemonic phrase, generated from a fixed word set with a secure random algorithm, serves both as a memory aid and as the user's recovery key. The phrase is passed through the BLAKE3 hash function to derive a single, deterministic key pair on the Ed25519 elliptic curve (the private key signs information, the public key verifies identity), and the public key is the user's unique identity. The public key is then base58-encoded to produce the user-visible distributed identity (DID). To secure local storage, the user-entered PIN is mixed with a random code generated on the local machine to form the encryption key for AES-256-GCM.
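The derivation chain just described, written out as an added example. This is not ESSE's own code (the engine is Rust); it is Python on top of the `cryptography` package. Assumptions are marked in the code: BLAKE3 is not in the standard library, so the optional `blake3` package is used when installed and BLAKE2b-256 otherwise; the page does not say how the PIN and the machine's random code are combined, so the example stretches the PIN with scrypt and uses the machine code as salt; the 16-word list is constructed for the example and far too small for real use.

```python
"""Identity derivation and PIN-locked keystore, following the scheme described above."""
import hashlib
import secrets

from cryptography.exceptions import InvalidSignature, InvalidTag
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey, Ed25519PublicKey)
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

# Assumption: BLAKE3 is not in the Python standard library. Use the optional
# `blake3` package when present, otherwise BLAKE2b-256; either yields the
# 32-byte digest that seeds the Ed25519 key.
try:
    from blake3 import blake3 as _blake3

    def hash32(data):
        return _blake3(data).digest()
except ImportError:
    def hash32(data):
        return hashlib.blake2b(data, digest_size=32).digest()

# Constructed 16-word list for the example only; a real deployment uses a
# standard 2048-word list, so each word here carries just 4 bits of entropy.
EXAMPLE_WORDLIST = ("abandon ability able about above absent absorb abstract "
                    "absurd abuse access accident account accuse achieve acid").split()

B58_ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def generate_mnemonic(wordlist=EXAMPLE_WORDLIST, count=12):
    """Pick words with the OS CSPRNG; the phrase is the user's recovery key."""
    rng = secrets.SystemRandom()
    return " ".join(rng.choice(wordlist) for _ in range(count))


def b58encode(raw):
    n = int.from_bytes(raw, "big")
    digits = bytearray()
    while n:
        n, rem = divmod(n, 58)
        digits.append(B58_ALPHABET[rem])
    pad = len(raw) - len(raw.lstrip(b"\x00"))   # each leading zero byte becomes '1'
    return (b"1" * pad + digits[::-1]).decode()


def b58decode(text):
    n = 0
    for ch in text.encode():
        n = n * 58 + B58_ALPHABET.index(ch)      # ValueError on a non-base58 character
    pad = len(text) - len(text.lstrip("1"))
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    return b"\x00" * pad + body


def derive_identity(mnemonic):
    """mnemonic -> hash -> Ed25519 seed; returns (private key, base58 DID)."""
    normalised = " ".join(mnemonic.lower().split())   # tolerate case/whitespace
    seed = hash32(normalised.encode("utf-8"))          # 32 bytes, deterministic
    sk = Ed25519PrivateKey.from_private_bytes(seed)
    pk = sk.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
    return sk, b58encode(pk)


def verify_from_did(did, message, signature):
    """Anyone holding only the DID can check a signature made by its owner."""
    try:
        Ed25519PublicKey.from_public_bytes(b58decode(did)).verify(signature, message)
        return True
    except (InvalidSignature, ValueError):
        return False


def keystore_key(pin, machine_code):
    """Assumption: the page does not say how PIN and machine code are mixed.
    A short PIN has little entropy, so stretch it with scrypt (stdlib) and use
    the per-machine random code as the salt."""
    return hashlib.scrypt(pin.encode(), salt=machine_code, n=2 ** 14, r=8, p=1, dklen=32)


def seal_secret(pin, machine_code, secret):
    """AES-256-GCM with a fresh random 96-bit nonce; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(12)
    return nonce + AESGCM(keystore_key(pin, machine_code)).encrypt(nonce, secret, b"esse-keystore")


def open_secret(pin, machine_code, blob):
    """Returns the secret, or None when the PIN is wrong or the blob was tampered
    with: both fail the GCM tag check, and the code cannot tell them apart."""
    try:
        return AESGCM(keystore_key(pin, machine_code)).decrypt(blob[:12], blob[12:], b"esse-keystore")
    except InvalidTag:
        return None


if __name__ == "__main__":
    phrase = generate_mnemonic()
    sk, did = derive_identity(phrase)
    print(did, verify_from_did(did, b"hello", sk.sign(b"hello")))
    machine_code = secrets.token_bytes(16)          # generated once per device, stored locally
    blob = seal_secret("1234", machine_code, phrase.encode())
    print(open_secret("1234", machine_code, blob) == phrase.encode(), open_secret("0000", machine_code, blob))
```

Two points worth noting from running it: the same phrase always yields the same DID, which is what makes the phrase a recovery key, and a wrong PIN is indistinguishable from a corrupted blob, so the application layer should rate-limit PIN attempts rather than rely on the cipher to do so.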
This part is responsible for building stable peer-to-peer connections and for encrypting and transmitting information using x25519 and AES-GCM. It is based on our open source project Chamomile, a peer-to-peer network protocol that builds a network identity and routing system on top of TCP/IP and adopts a dual-DHT design (similar to Kademlia's algorithm, combined with IP geolocation).
In today's multi-device, multi-system digital life we all have multiple identities. ESSE lets users use several identities at the same time and isolates them from one another for privacy. This part of the implementation is based primarily on TDN's technical architecture: each identity is an individual shard, and within a shard, events on different devices are ordered by consensus. From a single device's perspective, the identities (shards) on that device are bundled together as one layer that interacts with external devices (layers).
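An x25519 plus AES-GCM session between two peers, as an added example of the transport layer described above. It is not Chamomile's or ESSE's code and makes no claim about their wire format; it is Python on the `cryptography` package. Assumptions are marked in the code: the shared secret is turned into two AES-256 keys (one per direction) with HKDF-SHA256 over both public keys, frames use a counter nonce so replay and reordering are caught, and the handshake messages are left unauthenticated because the page does not say how they are bound to the peer's identity.

```python
"""Ephemeral x25519 key agreement and an AES-GCM framed session between two peers."""
import struct

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric.x25519 import (
    X25519PrivateKey, X25519PublicKey)
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

NONCE_LEN = 12   # 96-bit GCM nonce: 4 zero bytes + 64-bit per-direction counter


class Peer:
    def __init__(self, name):
        self.name = name
        self._eph = X25519PrivateKey.generate()          # fresh key for every session
        self.hello_bytes = self._eph.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
        self.send_key = self.recv_key = None
        self.send_seq = 0
        self.recv_seq = 0

    def hello(self):
        """Handshake message: the raw 32-byte x25519 public key.
        Assumption: the page does not describe how this key is authenticated.
        A deployment must bind it to the sender's identity (e.g. an Ed25519
        signature over it), otherwise an active attacker can sit in the middle."""
        return self.hello_bytes

    def finish(self, peer_hello, initiator):
        shared = self._eph.exchange(X25519PublicKey.from_public_bytes(peer_hello))
        # Both sides must feed HKDF the same transcript: initiator key || responder key.
        transcript = (self.hello_bytes + peer_hello) if initiator else (peer_hello + self.hello_bytes)
        okm = HKDF(algorithm=hashes.SHA256(), length=64, salt=None,
                   info=b"esse-example-session" + transcript).derive(shared)
        k_init, k_resp = okm[:32], okm[32:]                 # one AES-256 key per direction
        self.send_key, self.recv_key = (k_init, k_resp) if initiator else (k_resp, k_init)
        del self._eph                                       # forward secrecy: drop the ephemeral key

    def seal(self, plaintext):
        """Frame = nonce || AES-GCM(ciphertext || tag). The counter never repeats
        under this key; the reverse direction uses its own key, so its counter
        starting at 0 is not a nonce reuse."""
        nonce = struct.pack(">IQ", 0, self.send_seq)
        self.send_seq += 1
        return nonce + AESGCM(self.send_key).encrypt(nonce, plaintext, b"")

    def open(self, frame):
        nonce, body = frame[:NONCE_LEN], frame[NONCE_LEN:]
        if nonce != struct.pack(">IQ", 0, self.recv_seq):
            raise ValueError("replayed, dropped or reordered frame")
        plaintext = AESGCM(self.recv_key).decrypt(nonce, body, b"")   # InvalidTag if tampered
        self.recv_seq += 1                                            # advance only after the tag verifies
        return plaintext


def rejected(peer, frame):
    """True when the receiver refuses the frame (bad tag or bad sequence number)."""
    try:
        peer.open(frame)
        return False
    except (InvalidTag, ValueError):
        return True


def run_session(messages):
    """Full exchange: both hellos, then messages alternating A->B, B->A, ..."""
    a, b = Peer("A"), Peer("B")
    a.finish(b.hello(), initiator=True)     # A has received B's hello
    b.finish(a.hello(), initiator=False)    # B has received A's hello
    received = []
    for i, msg in enumerate(messages):
        sender, receiver = (a, b) if i % 2 == 0 else (b, a)
        received.append(receiver.open(sender.seal(msg)))
    return received


if __name__ == "__main__":
    print(run_session([b"hello from A", b"hello from B", b"bye"]))
```

Per-direction keys and a strictly increasing counter are the two details that most often go wrong in hand-rolled AES-GCM transports: a shared key with counters starting at 0 on both ends reuses nonces, and accepting any nonce lets an attacker replay frames.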
Our world is undergoing some profound changes, some of which are positives, but there are also negatives. If the world is going to have any of the things most of us value -- like privacy rights -- we are going to have to put it there ourselves. Because otherwise, those things wouldn't exist.
To protect our digital privacy, by owning our data authentically.
- Architecture
- KeyStore
- P2P Network
- Distributed Identity (DID)
- Distributed Devices
- Distributed Notes & Files
- Distributed Storage & Synchronization
- Built-in IM Application
- Built-in Group Chat Application
- Built-in Domain Application
- Built-in Wallet Application
- Built-in Robot assistant Application
- Multi-identity System
- Support platforms